Onboarding the Microsoft SQL Application
Use this task to provision users from Verify to the on-premises Microsoft SQL adapter.
Before you begin
- Configure the identity agent for authentication in Verify. Refer to Configuring through the Verify user interface.
- Deploy and configure the IBM® Security Verify Identity Brokerage On-Premises component.
- Create an application profile. Refer to Managing identity adapter application profiles for further details.
Procedure
- Log in to Verify as an administrator.
- Select Applications > Applications and click Add application.
- From the menu, search for the application type by the name that was set for the uploaded application profile, and click Add application.
  For example, if the Microsoft SQL profile was uploaded with the name Microsoft SQL, then search for the application with Microsoft SQL.
- On the Add applications page, select the General tab and specify the required details.
- Select the Account lifecycle tab.
- Specify the provisioning and deprovisioning policies.
  Parameters and their descriptions:
  - Provision accounts: Disabled by default, which means that account creation is performed outside of IBM Security Verify. Select the Enabled option to automatically provision an account when the entitlement is assigned to a user. Password generation and email notification features are available for accounts created using IBM Security Verify.
  - Deprovision accounts: Disabled by default, which means that account removal is performed outside of IBM Security Verify. Select the Enabled option to automatically deprovision an account when the entitlement is removed from a user.
  - Account password:
    - Sync user's Cloud Directory password: This option is available if Password sync is enabled on the Cloud Directory. It uses the Cloud Directory password when a regular user is provisioned to the application. Federated users receive a generated password when provisioned to the application.
    - Generate password: This option generates a random password for the provisioned account. The password is based on the Cloud Directory password policy.
    - None: This option provisions the account without a password.
  - Send email notification: This option is available when the Generate password option is selected. When the Send email notification option is selected, an email notification with the auto-generated password is sent to the email address after the account is provisioned successfully.
  - Grace period (days): Set the grace period, in days, for which a deprovisioned account is kept as suspended before it is deleted permanently.
  - Deprovision action: Delete the account. This field is available only if the Deprovision accounts field is enabled.
- In the General section, select Application profile from the drop-down. If the profile does not exist, you must create one. For more information, see Managing identity adapter application profiles.
- Specify the API authentication details.
  Parameters and their descriptions:
  - URL: Specify the location and port number of the SQL Server Adapter. The port number is defined in the protocol configuration by using the agentCfg program.
  - User ID: Specify a Directory Access Markup Language (DAML) protocol user name. The user name is defined in the protocol configuration by using the agentCfg program.
  - SQL Server name: Specify the instance name of the SQL Server to be managed by this SQL Server Service. The instance name value is an IP address or host name.
  - Identity agent: Select, from the drop-down, the Identity Agent of type provisioning through which the application profile was discovered.
  - Description: Optional field. Add the description if needed.
  - Service Name: Specify a name that defines the adapter service on the IBM Security Identity server.
  - Password: Specify the password for the DAML protocol user name. This password is defined in the protocol configuration by using the agentCfg program.
  - SQL Admin Account: Specify the SQL Server instance administrator account name.
  - SQL Admin Password: Specify the SQL Server instance administrator account password.
  - Authentication: Specify the authentication mode by which the adapter connects to the SQL Server. From the drop-down menu, accept the default selection, SQL Server Authentication, or select Windows Authentication.
  - Use SSL for Adapter to SQL Server Connection: Select this check box to use SSL communication between the adapter and the SQL Server.
- Click Test Connection to test the connection to the on-premises Microsoft SQL adapter. The connection must be successful to provision or reconcile accounts on the Microsoft SQL application.
- Map the target Microsoft SQL attributes to the Verify attributes as needed. Select the Keep updated check box for the attributes that need to be updated on the target.
- Select the Account sync tab.
- In the Adoption policy section, add one or more attribute pairs that need to match for the account sync process to assign Microsoft SQL accounts to their respective account owners on Verify.
- In the Remediation Policies section, choose a remediation policy to remediate non-compliant accounts automatically.
- Click Save.
- After the application is saved, the Entitlements tab lets you manage the Access Type and the provisioning or deprovisioning of accounts.
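
A server-side check for the Authentication and Use SSL for Adapter to SQL Server Connection settings in the API authentication details, as an added T-SQL example that is not part of the IBM documentation. The login name `verify_adapter_admin` is a hypothetical placeholder for the value entered in SQL Admin Account, and the queries assume the caller holds VIEW SERVER STATE on the instance.

```sql
-- Added example, not from the IBM documentation.
-- Assumption: 'verify_adapter_admin' is a placeholder for the value entered
-- in the "SQL Admin Account" field. With Windows Authentication the login
-- name has the form DOMAIN\account. Requires VIEW SERVER STATE.
DECLARE @adapter_login sysname = N'verify_adapter_admin';

-- 1. Sessions opened by the adapter account: is each connection encrypted,
--    and which authentication scheme did it negotiate?
SELECT s.session_id,
       s.login_name,
       s.host_name,
       s.program_name,
       c.client_net_address,
       c.auth_scheme,      -- 'SQL' = SQL Server Authentication;
                           -- 'NTLM' / 'KERBEROS' = Windows Authentication
       c.encrypt_option,   -- 'TRUE' when the connection is encrypted
       c.connect_time
FROM sys.dm_exec_sessions AS s
JOIN sys.dm_exec_connections AS c
  ON c.session_id = s.session_id
WHERE s.login_name = @adapter_login
ORDER BY c.connect_time DESC;

-- 2. Server-level roles held by the adapter account, to review how much
--    privilege the provisioning account carries on the instance.
SELECT m.name      AS login_name,
       m.type_desc AS login_type,
       m.is_disabled,
       r.name      AS server_role   -- NULL when the login holds no server role
FROM sys.server_principals AS m
LEFT JOIN sys.server_role_members AS rm
  ON rm.member_principal_id = m.principal_id
LEFT JOIN sys.server_principals AS r
  ON r.principal_id = rm.role_principal_id
WHERE m.name = @adapter_login;
```

Query 1 returns rows only while the adapter holds an open session, so run it during a reconciliation or right after Test Connection. A row with `encrypt_option = 'FALSE'` means the SSL check box did not take effect for that connection.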